Viewstate Validation fails in web-farm - Usual suspects eliminated

StackOverflow https://stackoverflow.com/questions/15886439

  •  02-04-2022
  •  | 
  •  

Question

I think that I've tried all of the standard responses to this problem, and I know that I've read hundreds of questions and posts about this problem, but none of them seem to have resolved it or shed any light on what the cause is in my scenario. (I'm 5 hours down and no nearer :-( )

  • I have a web-farm of 2 servers.

  • I have set the machine key and validation key in machine.config on both machines

  • Encryption: SHA1, Decryption: AES - These are the defaults, could it help to change them?

  • I have verified that no other config files in the chain (web.cfg, apphost etc.) have a setting for these values.

  • I have added a page to the site (based on this SO) that spits the machine key values back out, and verified that they are the same across requests to both machines and match the values that are in machine .config

  • The server side session state is in a shared state-server, I have verified that sessionid remains constant between requests to the 2 servers.

  • I have verified that the page is completely loaded and the __EVENTVALIDATION hidden field has been rendered into the page before initiating the post. The viewstate size is not too bad at 7.64kb

When a page is rendered from a request to server 1 and then posted back to server 2, I get the dreaded...

Error Message:

Unable to validate data.
at System.Web.Configuration.MachineKeySection.GetDecodedData(Byte[] buf, Byte[] modifier,   Int32 start, Int32 length, Int32& dataLength)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)   HttpApplication.RecordError => HttpApplication.RaiseOnError => global_asax.Application_Error

The post is triggered by a standard, unadulterated asp linkbutton, there is no ajax going on on the page.

Any and all help will be greatly appreciated.

Setting enableViewStateMAC = false is not a solution :-)

Was it helpful?

Solution

Having inherited the servers in the state that they were configured, I never questioned the validity of the keys!!! ...Just checked that they matched on both servers...

Leaving all the encryption / decryption and validation algorithm settings as they were, I generated new keys using this tool which has a few more options than the others.

Problem solved

Moral of the story: If in doubt, generate new keys

... but why and how? Some postbacks with viewstate were working just fine with the old keys, it was only when the postback was to a different server that the problem became evident. If the keys were invalid - missing a character or something - then every postback should have failed - I think

OTHER TIPS

If you've established that the machine keys are the same on both boxes, could it be the encryption/decryption thereof ?

Have you tried using Triple DES and setting the decryptionKey in the machine.config on both servers?

Check here

Also a easy way of making sure the machineKeys are the same is to add a line like this in the web.config.

NB: Assuming you have the same web.config on both servers and making sure that the validationKey and decryptionKey is valid

You can use http://aspnetresources.com/tools/machineKey to generate it.

<system.web>
  <machineKey validationKey="*D9B0EDEA69D81A89BF5FBA2B08BAF691013F86B89A1F6BA8068C6ECC9539074" decryptionKey="*AE2B1966AF65D08F03EDFB" validation="SHA1" decryption="AES" />
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top